GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,150
Erlang
30
GitHub Actions
19
Go
1,952
Maven
5,000+
npm
3,684
NuGet
650
pip
3,305
Pub
11
RubyGems
879
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
284 advisories
Filter by severity
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute...
Critical
Unreviewed
CVE-2024-46538
was published
Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker...
Critical
Unreviewed
CVE-2024-49397
was published
Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ...
Critical
Unreviewed
CVE-2024-23786
was published
Oct 17, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical
Unreviewed
CVE-2024-46367
was published
Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-4657
was published
Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-7785
was published
Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-6877
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-5959
was published
Sep 18, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695
was published
Sep 12, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows...
Critical
Unreviewed
CVE-2024-45265
was published
Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Critical
Unreviewed
CVE-2023-6452
was published
Aug 22, 2024
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
Azure Stack Hub Spoofing Vulnerability
Critical
Unreviewed
CVE-2024-38108
was published
Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara...
Critical
Unreviewed
CVE-2024-40482
was published
Aug 12, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-41476
was published
Aug 12, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to...
Critical
Unreviewed
CVE-2024-28740
was published
Aug 6, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a...
Critical
Unreviewed
CVE-2024-28739
was published
Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed...
Critical
Unreviewed
CVE-2024-43111
was published
Aug 6, 2024
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a...
Critical
Unreviewed
CVE-2024-42009
was published
Aug 5, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7...
Critical
Unreviewed
CVE-2024-42008
was published
Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical
Unreviewed
CVE-2024-6035
was published
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API